This spring I first faced a strange situation, described here: https://social.technet.microsoft.com/Forums/en-US/6e7e86aa-6cec-407c-9a18-dde090fccc0a/smart-card-rdp-logon-weird-behavior?forum=winserverTS
Now I see it again in a different environment. Briefly again: we have third-party smart cards integrated with users in AD, using the issuer and serial number fields from the certificate as altSecurityIdentities. The client computer is Windows 10 and the server version is 2016, both fully patched.
Problem: I can log onto my RDS server with a smart card with some users, and suddenly, with the next user, I get the error: your credentials could not be verified. If I take a look at the security log on the RDS server I see that the logon failed with event 4625 (Failure Reason: Unknown user name or bad password. Status: 0xC000006D Sub Status: 0xC000006A; the account name is the subject name from the wrong certificate). The strange part here is that the user credentials listed in this event do not belong to the user who tried to log on!
After an RDS server restart I can again log on with any smart card; the first logon always succeeds.
Sometimes it can also happen that I see the wrong user data already in the RDP client - I mean I use the smart card of user A and the RDP client shows the certificate of user B. At other times the client shows the correct certificate but the RDS server reports the wrong one.
The problem does not happen with any specific card but appears randomly with different users.
Very confusing!
Any ideas what to check or how to troubleshoot this issue?
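Since the question is what to check, here is an added PowerShell helper (not part of the original post) that pulls the 4625 events matching the Status/Sub Status pair quoted above from the RDS host and checks whether the <SR> serial-number part of a card's altSecurityIdentities mapping is held by more than one AD account. The ActiveDirectory module, read access to the host's Security log, and the function names are assumptions.

```powershell
# Added troubleshooting helpers (not part of the original post). Assumes the
# ActiveDirectory module, read access to the RDS host's Security log, and that
# cards are mapped through altSecurityIdentities with an <SR> serial component.

# Pull 4625 events matching the symptom: Status 0xC000006D, SubStatus 0xC000006A,
# and show which account Windows actually resolved the presented card to.
function Get-SmartCardLogonFailure {
    param([string]$ComputerName = 'localhost', [int]$MaxEvents = 500)
    Get-WinEvent -ComputerName $ComputerName -MaxEvents $MaxEvents `
        -FilterHashtable @{ LogName = 'Security'; Id = 4625 } |
    ForEach-Object {
        $data = @{}
        foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
        # String -eq is case-insensitive, so the lowercase hex in the event XML matches.
        if ($data.Status -eq '0xc000006d' -and $data.SubStatus -eq '0xc000006a') {
            [pscustomobject]@{
                Time        = $_.TimeCreated
                TargetUser  = $data.TargetUserName   # name taken from the mapped certificate
                LogonType   = $data.LogonType        # 10 = RemoteInteractive (RDP)
                Workstation = $data.WorkstationName
                SourceIp    = $data.IpAddress
            }
        }
    }
}

# Convert a certificate serial number to the reversed-byte-order form AD uses in
# the X509:<I>...<SR>... mapping, then list every user carrying that <SR> value.
# More than one result means two accounts are mapped to the same card.
function Find-AltSecIdOwners {
    param([Parameter(Mandatory)]
          [System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)
    $hex   = $Cert.SerialNumber                      # big-endian hex, as .NET reports it
    $pairs = @(for ($i = 0; $i -lt $hex.Length; $i += 2) { $hex.Substring($i, 2) })
    [array]::Reverse($pairs)
    $sr = -join $pairs
    Get-ADUser -LDAPFilter "(altSecurityIdentities=*<SR>$sr)" -Properties altSecurityIdentities |
        Select-Object SamAccountName, altSecurityIdentities
}

# Example use: list the failures on the RDS host, then cross-check the certificates
# of the cards present on this workstation against AD.
# Get-SmartCardLogonFailure -ComputerName 'RDSHOST01' | Format-Table
# Get-ChildItem Cert:\CurrentUser\My | ForEach-Object { Find-AltSecIdOwners -Cert $_ }
```

Comparing TargetUser from the first function with the owners returned by the second for the card that was actually inserted shows whether the mismatch comes from a duplicate mapping in AD or from the certificate the server was handed.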